Sunday, July 26, 2009
This week I've made a simple XACML template that contains the information needed by an RAdAC policy. I have yet to find a paper with concrete details on how anything dealing with RAdAC should be done; I've only found high-level descriptions of it. I think as long as it implements some mechanism to allow "operational need" to trump "security risk" it falls under RAdAC. Most of the papers I've read discuss multiple policies converging to determine risk, need, and ultimately a final decision. I am using a simple model that describes the basic functionality of RAdAC using a single policy. I have started working on a design document and will finish it soon.
Posted by Lee at 8:22 PM